|RFx ID :||23462699|
|Tender Name :||e-Commerce PCI (Payment Card Industry) Scope Reduction vendors|
|Reference # :||3685|
|Open Date :||Thursday, 15 October 2020 9:00 AM (Pacific/Auckland UTC+13:00)|
|Close Date :||Thursday, 29 October 2020 12:00 PM (Pacific/Auckland UTC+13:00)|
|Department/Business Unit :||New Zealand Transport Agency|
|Tender Type :||Request for Information (Market research) (RFI)|
|Tender Coverage :||Sole Agency [?]|
|Required Pre-qualifications :||None|
Tenders Secretary - Miriama Leota
|Alternate Physical Delivery Address :|
|Alternate Physical Fax Number :|
Many customers use Waka Kotahi provided online services, which make it easy for them to do what they need to do: customers access better services faster, for lower cost, and can complete their transactions easily in a digital environment.
Some of the online services include card payments, for which, the customer is redirected to a payment provider’s hosted payment page, in order to reduce the NZTA interaction with cardholder data and the number of applicable PCI DSS compliance requirements. NZTA is a PCI DSS compliant merchant, currently assessed under SAQ A-EP.
Our vision is to secure customer payment card data in compliance with PCI DSS, without reducing the current services and by concurrently reducing the PCI DSS compliance for our online channel systems to SAQ A. To enable this, we need a solution that protects the URL redirect to the payment provider’s hosted payment page (HPP) and validates - in real time - the integrity of our web pages leading up to, and including the redirection to the payment provider’s HPP
As a result, both the risk of data compromise and the PCI DSS compliance related activities are reduced, and overall NZTA will provide an improved customer service.